1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
package main
import (
"crypto"
"crypto/ed25519"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"flag"
"fmt"
"log"
"os"
"strings"
)
var (
keyType string
nBits int
filename string
)
func init() {
flag.StringVar(&keyType, "t", "rsa", "key type (rsa, ed25519)")
flag.IntVar(&nBits, "b", 3072, "number of bits in the key (only for RSA)")
flag.StringVar(&filename, "f", "dkim.priv", "private key filename")
flag.Parse()
}
func main() {
var (
privKey crypto.Signer
err error
)
switch keyType {
case "rsa":
log.Printf("Generating a %v-bit RSA key", nBits)
privKey, err = rsa.GenerateKey(rand.Reader, nBits)
case "ed25519":
log.Printf("Generating an Ed25519 key")
_, privKey, err = ed25519.GenerateKey(rand.Reader)
default:
log.Fatalf("Unsupported key type %q", keyType)
}
if err != nil {
log.Fatalf("Failed to generate key: %v", err)
}
privBytes, err := x509.MarshalPKCS8PrivateKey(privKey)
if err != nil {
log.Fatalf("Failed to marshal private key: %v", err)
}
f, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
log.Fatalf("Failed to create key file: %v", err)
}
defer f.Close()
privBlock := pem.Block{
Type: "PRIVATE KEY",
Bytes: privBytes,
}
if err := pem.Encode(f, &privBlock); err != nil {
log.Fatalf("Failed to write key PEM block: %v", err)
}
if err := f.Close(); err != nil {
log.Fatalf("Failed to close key file: %v", err)
}
log.Printf("Private key written to %q", filename)
var pubBytes []byte
switch pubKey := privKey.Public().(type) {
case *rsa.PublicKey:
// RFC 6376 is inconsistent about whether RSA public keys should
// be formatted as RSAPublicKey or SubjectPublicKeyInfo.
// Erratum 3017 (https://www.rfc-editor.org/errata/eid3017)
// proposes allowing both. We use SubjectPublicKeyInfo for
// consistency with other implementations including opendkim,
// Gmail, and Fastmail.
pubBytes, err = x509.MarshalPKIXPublicKey(pubKey)
if err != nil {
log.Fatalf("Failed to marshal public key: %v", err)
}
case ed25519.PublicKey:
pubBytes = pubKey
default:
panic("unreachable")
}
params := []string{
"v=DKIM1",
"k=" + keyType,
"p=" + base64.StdEncoding.EncodeToString(pubBytes),
}
log.Println("Public key, to be stored in the TXT record \"<selector>._domainkey\":")
fmt.Println(strings.Join(params, "; "))
}
|
